CAUSE
The Cluster service must be allowed anonymous (null) access to the Active Directory to be able to publish clustered printers in the Active
Directory. If the "Permissions compatible with pre-Windows 2000 servers" option is not selected during the Dcpromo.exe process for installing and configuring a domain controller (DC), the Everyone group is not 'nested' in the "Pre-Windows 2000 Compatible Access" built-in group. This effectively disallows anonymous (null) connections to the Active Directory, and prevents the Cluster service from publishing printers to the Active Directory. In a network trace of the behavior, the ldap AddRequest for the printer is noticeably absent, but all other ldap traffic is normal. Printers can still be defined locally on the node and published to the Active Directory. The failure occurs when the cluster virtual_server_name is used to publish the printers.
The following sample is a sample frame for an ldap AddRequest for publishing a printer to the Active Directory by using the cluster virtual server name.
NOTE: The virtual_server_name is associated with the cluster node (computer account) that the printer is initially configured on.
TCP: .AP..., len: 337, seq:2731014096-2731014433, ack: 315560005, win:16820, src: 1391 dst: 389
LDAP: ProtocolOp: AddRequest (8)
LDAP: MessageID = 158 (0x9E)
LDAP: ProtocolOp = AddRequest
LDAP: Object Name = CN=DELLPRINTSRV-HP4SI,CN=DELLNODEA,CN=Computers,DC=cluster,DC=co
LDAP: Attribute Type = uNCName
LDAP: Attribute Value = \\DELLPRINTSRV.cluster.com\HP4SI
LDAP: Attribute Type = versionNumber
LDAP: Attribute Value = 4
LDAP: Attribute Type = serverName
LDAP: Attribute Value = DELLPRINTSRV.cluster.com
LDAP: Attribute Type = shortServerName
LDAP: Attribute Value = \DELLPRINTSRV
LDAP: Attribute Type = printerName
LDAP: Attribute Value = HP4SI
LDAP: Attribute Type = objectClass
LDAP: Attribute Value = printQueue
The following sample is a sample frame for an Active Directory search request for the same printer that was previously added in the preceding sample:
LDAP: ProtocolOp: SearchRequest (3)
LDAP: MessageID = 61 (0x3D)
LDAP: ProtocolOp = SearchRequest
LDAP: Base Object = DC=cluster,DC=com
LDAP: Scope = Whole Subtree
LDAP: Deref Aliases = Never Deref Aliases
LDAP: Size Limit = No Limit
LDAP: Time Limit = No Limit
LDAP: Attrs Only = 0 (0x0)
LDAP: Filter
LDAP: Filter Type = And
LDAP: Filter Type = Not
LDAP: Filter Type = Equality Match
LDAP: Attribute Type = showInAdvancedViewOnly
LDAP: Attribute Value = TRUE
LDAP: Filter Type = Present
LDAP: Attribute Type = uncName
LDAP: Filter Type = Equality Match
LDAP: Attribute Type = objectCategory
LDAP: Attribute Value = printQueue
LDAP: Filter Type = Substrings
LDAP: Attribute Type = printerName
LDAP: Substring (Initial) = hp4si
LDAP: Attribute Description List
LDAP: Attribute Type = objectClass
LDAP: Attribute Type = printerName
LDAP: Attribute Type = location
LDAP: Attribute Type = driverName
LDAP: Attribute Type = serverName
LDAP: Attribute Type = description
LDAP: Controls
LDAP: Domain Scope Control
LDAP: Criticality = 0 (0x0)
LDAP: Paged Control
LDAP: Criticality = 255 (0xFF)
LDAP: Page Size = 64 (0x40)
The following response is the response to the preceding request for the printer:
LDAP: ProtocolOp: SearchResponse (4)
LDAP: MessageID = 61 (0x3D)
LDAP: ProtocolOp = SearchResponse
LDAP: Object Name = CN=DELLPRINTSRV-HP4SI,CN=DELLNODEA,CN=Computers,DC=cluster,DC=co
LDAP: Attribute Type = driverName
LDAP: Attribute Value = HP LaserJet 4Si MX
LDAP: Attribute Type = location
LDAP: Attribute Value = Dell Cluster
LDAP: Attribute Type = objectClass
LDAP: Attribute Value = top
LDAP: Attribute Value = leaf
LDAP: Attribute Value = connectionPoint
LDAP: Attribute Value = printQueue
LDAP: Attribute Type = printerName
LDAP: Attribute Value = HP4SI
LDAP: Attribute Type = serverName
LDAP: Attribute Value = DELLPRINTSRV.cluster.com
LDAP: MessageID = 61 (0x3D)
LDAP: ProtocolOp = SearchResponse (simple)
LDAP: Result Code = Success
LDAP: Controls
LDAP: Paged Control
LDAP: Criticality = 0 (0x0)
LDAP: Page Size = 0 (0x0)